Sample viewer

vx.netlux.org/Virus.DOS.66c.612


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T23:03:50.056138197Z 42 PC: 12a6d | Get date
0x12a6d: cmp dh, 0xc
0x12a70: jne 0x12a7a
0x12a72: cmp dl, 0x19
0x12a75: jne 0x12a7a
0x12a77: jmp 0x12c55
0x12a7a: cmp dh, 4
0x12a7d: jne 0x12a87
0x12a7f: cmp dl, 1
0x12a82: jne 0x12a87
0x12a84: jmp 0x12c57
0x12a87: call 0x12c35
0x12a8a: call 0x12c22
0x12a8d: mov si, bp
0x12a8f: add si, 0x24a
0x12a93: lodsw ax, word ptr [si]
0x12a94: cmp ax, 5
0x12a97: ja 0x12a9c
0x12a99: jmp 0x12af3
0x12a9b: nop
0x12a9c: call 0x12c09
2018-12-17T23:03:50.059203808Z 26 PC: 12c3f | Set disk transfer address
2018-12-17T23:03:50.060591182Z 78 PC: 12c2f | Find first file
2018-12-17T23:03:50.066424886Z 61 PC: 12c14 | Open file (Filename = 'SLEEP.COM')
2018-12-17T23:03:50.073606177Z 87 PC: 12bf7 | Get or set file date and time
2018-12-17T23:03:50.074975058Z 63 PC: 12ab3 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T23:03:50.081240091Z 66 PC: 12abd | Move file pointer
2018-12-17T23:03:50.083478221Z 64 PC: 12b17 | Write file or device (Write 612 bytes on handle 5)
2018-12-17T23:03:50.102476843Z 66 PC: 12b21 | Move file pointer
2018-12-17T23:03:50.103793857Z 64 PC: 12b2f | Write file or device (Write 5 bytes on handle 5)
2018-12-17T23:03:50.110212527Z 87 PC: 12bf2 | Get or set file date and time
2018-12-17T23:03:50.112324949Z 62 PC: 12b39 | Close file
2018-12-17T23:03:50.119882342Z 79 PC: 12afa | Find next file
2018-12-17T23:03:50.122419659Z 61 PC: 12c14 | Open file (Filename = 'PRINT.COM')
2018-12-17T23:03:50.129173682Z 87 PC: 12bf7 | Get or set file date and time
2018-12-17T23:03:50.131314025Z 63 PC: 12ab3 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T23:03:50.137698609Z 66 PC: 12abd | Move file pointer
2018-12-17T23:03:50.139734955Z 64 PC: 12b17 | Write file or device (Write 612 bytes on handle 5)
2018-12-17T23:03:50.147628222Z 66 PC: 12b21 | Move file pointer
2018-12-17T23:03:50.148972014Z 64 PC: 12b2f | Write file or device (Write 5 bytes on handle 5)
2018-12-17T23:03:50.155966627Z 87 PC: 12bf2 | Get or set file date and time
2018-12-17T23:03:50.157448955Z 62 PC: 12b39 | Close file
2018-12-17T23:03:50.165377642Z 79 PC: 12afa | Find next file
2018-12-17T23:03:50.169225646Z 61 PC: 12c14 | Open file (Filename = 'HELLO.COM')
2018-12-17T23:03:50.176141738Z 87 PC: 12bf7 | Get or set file date and time
2018-12-17T23:03:50.177472058Z 63 PC: 12ab3 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T23:03:50.184628816Z 66 PC: 12abd | Move file pointer
2018-12-17T23:03:50.186438004Z 64 PC: 12b17 | Write file or device (Write 612 bytes on handle 5)
2018-12-17T23:03:50.194419436Z 66 PC: 12b21 | Move file pointer
2018-12-17T23:03:50.197161878Z 64 PC: 12b2f | Write file or device (Write 5 bytes on handle 5)
2018-12-17T23:03:50.204009925Z 87 PC: 12bf2 | Get or set file date and time
2018-12-17T23:03:50.205457514Z 62 PC: 12b39 | Close file
2018-12-17T23:03:50.214086699Z 79 PC: 12afa | Find next file
2018-12-17T23:03:50.216952744Z 61 PC: 12c14 | Open file (Filename = 'PHANG.COM')
2018-12-17T23:03:50.223413788Z 87 PC: 12bf7 | Get or set file date and time
2018-12-17T23:03:50.225040938Z 63 PC: 12ab3 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T23:03:50.231384951Z 66 PC: 12abd | Move file pointer
2018-12-17T23:03:50.232867017Z 64 PC: 12b17 | Write file or device (Write 612 bytes on handle 5)
2018-12-17T23:03:50.240727983Z 66 PC: 12b21 | Move file pointer
2018-12-17T23:03:50.242660443Z 64 PC: 12b2f | Write file or device (Write 5 bytes on handle 5)
2018-12-17T23:03:50.249294559Z 87 PC: 12bf2 | Get or set file date and time
2018-12-17T23:03:50.251024504Z 62 PC: 12b39 | Close file
2018-12-17T23:03:50.259548772Z 79 PC: 12afa | Find next file
2018-12-17T23:03:50.26199231Z 61 PC: 12c14 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T23:03:50.269352267Z 87 PC: 12bf7 | Get or set file date and time
2018-12-17T23:03:50.271378085Z 63 PC: 12ab3 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T23:03:50.27773075Z 66 PC: 12abd | Move file pointer
2018-12-17T23:03:50.279349767Z 64 PC: 12b17 | Write file or device (Write 612 bytes on handle 5)
2018-12-17T23:03:50.287865827Z 66 PC: 12b21 | Move file pointer
2018-12-17T23:03:50.289334713Z 64 PC: 12b2f | Write file or device (Write 5 bytes on handle 5)
2018-12-17T23:03:50.295978411Z 87 PC: 12bf2 | Get or set file date and time
2018-12-17T23:03:50.298508504Z 62 PC: 12b39 | Close file
2018-12-17T23:03:50.306078476Z 79 PC: 12afa | Find next file
2018-12-17T23:03:50.30776444Z 61 PC: 12c14 | Open file (Filename = 'MANDEL.COM')
2018-12-17T23:03:50.317702316Z 87 PC: 12bf7 | Get or set file date and time
2018-12-17T23:03:50.31912678Z 63 PC: 12ab3 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T23:03:50.325319167Z 66 PC: 12abd | Move file pointer
2018-12-17T23:03:50.327172745Z 64 PC: 12b17 | Write file or device (Write 612 bytes on handle 5)
2018-12-17T23:03:50.335905286Z 66 PC: 12b21 | Move file pointer
2018-12-17T23:03:50.337095503Z 64 PC: 12b2f | Write file or device (Write 5 bytes on handle 5)
2018-12-17T23:03:50.344094019Z 87 PC: 12bf2 | Get or set file date and time
2018-12-17T23:03:50.345507871Z 62 PC: 12b39 | Close file
2018-12-17T23:03:50.353281379Z 79 PC: 12afa | Find next file
2018-12-17T23:03:50.356917243Z 61 PC: 12c14 | Open file (Filename = 'PAH.COM')
2018-12-17T23:03:50.362971806Z 87 PC: 12bf7 | Get or set file date and time
2018-12-17T23:03:50.364429262Z 63 PC: 12ab3 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T23:03:50.371156123Z 66 PC: 12abd | Move file pointer
2018-12-17T23:03:50.372561731Z 64 PC: 12b17 | Write file or device (Write 612 bytes on handle 5)
2018-12-17T23:03:50.380262382Z 66 PC: 12b21 | Move file pointer
2018-12-17T23:03:50.386347283Z 64 PC: 12b2f | Write file or device (Write 5 bytes on handle 5)
2018-12-17T23:03:50.39282749Z 87 PC: 12bf2 | Get or set file date and time
2018-12-17T23:03:50.394426512Z 62 PC: 12b39 | Close file
2018-12-17T23:03:50.402885832Z 79 PC: 12afa | Find next file
2018-12-17T23:03:50.4060135Z 61 PC: 12c14 | Open file (Filename = 'TEST.COM')
2018-12-17T23:03:50.412437174Z 87 PC: 12bf7 | Get or set file date and time
2018-12-17T23:03:50.414850362Z 63 PC: 12ab3 | Read file or device (Read 5 bytes on handle 5)
2018-12-17T23:03:50.41740113Z 66 PC: 12abd | Move file pointer
2018-12-17T23:03:50.418883114Z 64 PC: 12b17 | Write file or device (Write 612 bytes on handle 5)
2018-12-17T23:03:50.427639273Z 66 PC: 12b21 | Move file pointer
2018-12-17T23:03:50.429459338Z 64 PC: 12b2f | Write file or device (Write 5 bytes on handle 5)
2018-12-17T23:03:50.43287031Z 87 PC: 12bf2 | Get or set file date and time
2018-12-17T23:03:50.435529733Z 62 PC: 12b39 | Close file
2018-12-17T23:03:50.443807757Z 79 PC: 12afa | Find next file

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14664,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:16.304778598Z 42 PC: 12a6d | Get date
0x12a6d: cmp dh, 0xc
0x12a70: jne 0x12a7a
0x12a72: cmp dl, 0x19
0x12a75: jne 0x12a7a
0x12a77: jmp 0x12c55
0x12a7a: cmp dh, 4
0x12a7d: jne 0x12a87
0x12a7f: cmp dl, 1
0x12a82: jne 0x12a87
0x12a84: jmp 0x12c57
0x12a87: call 0x12c35
0x12a8a: call 0x12c22
0x12a8d: mov si, bp
0x12a8f: add si, 0x24a
0x12a93: lodsw ax, word ptr [si]
0x12a94: cmp ax, 5
0x12a97: ja 0x12a9c
0x12a99: jmp 0x12af3
0x12a9b: nop
0x12a9c: call 0x12c09
2018-12-25T12:41:16.311132897Z 26 PC: 12c3f | Set disk transfer address
2018-12-25T12:41:16.31238236Z 78 PC: 12c2f | Find first file
2018-12-25T12:41:16.318376665Z 61 PC: 12c14 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:41:16.327158014Z 87 PC: 12bf7 | Get or set file date and time
2018-12-25T12:41:16.328959306Z 63 PC: 12ab3 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:41:16.335179838Z 66 PC: 12abd | Move file pointer
2018-12-25T12:41:16.338605731Z 64 PC: 12b17 | Write file or device (Write 612 bytes on handle 5)
2018-12-25T12:41:16.354177075Z 66 PC: 12b21 | Move file pointer
2018-12-25T12:41:16.356062524Z 64 PC: 12b2f | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:41:16.363917287Z 87 PC: 12bf2 | Get or set file date and time
2018-12-25T12:41:16.365808212Z 62 PC: 12b39 | Close file
2018-12-25T12:41:16.374446508Z 79 PC: 12afa | Find next file
2018-12-25T12:41:16.378461861Z 61 PC: 12c14 | Open file (See above)
2018-12-25T12:41:16.390009181Z 87 PC: 12bf7 | Get or set file date and time (See above)
2018-12-25T12:41:16.39164747Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:41:16.405876984Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:41:16.407890021Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:41:16.4167718Z 66 PC: 12b21 | Move file pointer (See above)
2018-12-25T12:41:16.418177071Z 64 PC: 12b2f | Write file or device (See above)
2018-12-25T12:41:16.426627653Z 87 PC: 12bf2 | Get or set file date and time (See above)
2018-12-25T12:41:16.446675999Z 62 PC: 12b39 | Close file (See above)
2018-12-25T12:41:16.454389853Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:41:16.457914141Z 61 PC: 12c14 | Open file (See above)
2018-12-25T12:41:16.476457169Z 87 PC: 12bf7 | Get or set file date and time (See above)
2018-12-25T12:41:16.478413442Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:41:16.486222326Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:41:16.488171417Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:41:16.496245453Z 66 PC: 12b21 | Move file pointer (See above)
2018-12-25T12:41:16.498794411Z 64 PC: 12b2f | Write file or device (See above)
2018-12-25T12:41:16.505756395Z 87 PC: 12bf2 | Get or set file date and time (See above)
2018-12-25T12:41:16.507576921Z 62 PC: 12b39 | Close file (See above)
2018-12-25T12:41:16.51603575Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:41:16.520929544Z 61 PC: 12c14 | Open file (See above)
2018-12-25T12:41:16.527531553Z 87 PC: 12bf7 | Get or set file date and time (See above)
2018-12-25T12:41:16.529020211Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:41:16.535897764Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:41:16.537464426Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:41:16.545381904Z 66 PC: 12b21 | Move file pointer (See above)
2018-12-25T12:41:16.549402749Z 64 PC: 12b2f | Write file or device (See above)
2018-12-25T12:41:16.555947255Z 87 PC: 12bf2 | Get or set file date and time (See above)
2018-12-25T12:41:16.557565545Z 62 PC: 12b39 | Close file (See above)
2018-12-25T12:41:16.566263592Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:41:16.56935944Z 61 PC: 12c14 | Open file (See above)
2018-12-25T12:41:16.57606018Z 87 PC: 12bf7 | Get or set file date and time (See above)
2018-12-25T12:41:16.578502903Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:41:16.585679285Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:41:16.587414754Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:41:16.596120257Z 66 PC: 12b21 | Move file pointer (See above)
2018-12-25T12:41:16.614771713Z 64 PC: 12b2f | Write file or device (See above)
2018-12-25T12:41:16.626598827Z 87 PC: 12bf2 | Get or set file date and time (See above)
2018-12-25T12:41:16.628621523Z 62 PC: 12b39 | Close file (See above)
2018-12-25T12:41:16.637118661Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:41:16.640737166Z 61 PC: 12c14 | Open file (See above)
2018-12-25T12:41:16.667029623Z 87 PC: 12bf7 | Get or set file date and time (See above)
2018-12-25T12:41:16.671439192Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:41:16.677664711Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:41:16.679155279Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:41:16.69315731Z 66 PC: 12b21 | Move file pointer (See above)
2018-12-25T12:41:16.694451031Z 64 PC: 12b2f | Write file or device (See above)
2018-12-25T12:41:16.701111162Z 87 PC: 12bf2 | Get or set file date and time (See above)
2018-12-25T12:41:16.702821649Z 62 PC: 12b39 | Close file (See above)
2018-12-25T12:41:16.710411986Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:41:16.713622166Z 61 PC: 12c14 | Open file (See above)
2018-12-25T12:41:16.720468613Z 87 PC: 12bf7 | Get or set file date and time (See above)
2018-12-25T12:41:16.722020975Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:41:16.728375287Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:41:16.730548422Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:41:16.738203122Z 66 PC: 12b21 | Move file pointer (See above)
2018-12-25T12:41:16.739578037Z 64 PC: 12b2f | Write file or device (See above)
2018-12-25T12:41:16.746993105Z 87 PC: 12bf2 | Get or set file date and time (See above)
2018-12-25T12:41:16.750382436Z 62 PC: 12b39 | Close file (See above)
2018-12-25T12:41:16.765013833Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:41:16.768552034Z 61 PC: 12c14 | Open file (See above)
2018-12-25T12:41:16.775301657Z 87 PC: 12bf7 | Get or set file date and time (See above)
2018-12-25T12:41:16.77711254Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:41:16.781070017Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:41:16.782655081Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:41:16.790593603Z 66 PC: 12b21 | Move file pointer (See above)
2018-12-25T12:41:16.792871194Z 64 PC: 12b2f | Write file or device (See above)
2018-12-25T12:41:16.795631894Z 87 PC: 12bf2 | Get or set file date and time (See above)
2018-12-25T12:41:16.797057235Z 62 PC: 12b39 | Close file (See above)
2018-12-25T12:41:16.805237887Z 79 PC: 12afa | Find next file (See above)

{"DateBased":true,"Day":1,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14664,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:16.682605423Z 42 PC: 12a6d | Get date
0x12a6d: cmp dh, 0xc
0x12a70: jne 0x12a7a
0x12a72: cmp dl, 0x19
0x12a75: jne 0x12a7a
0x12a77: jmp 0x12c55
0x12a7a: cmp dh, 4
0x12a7d: jne 0x12a87
0x12a7f: cmp dl, 1
0x12a82: jne 0x12a87
0x12a84: jmp 0x12c57
0x12a87: call 0x12c35
0x12a8a: call 0x12c22
0x12a8d: mov si, bp
0x12a8f: add si, 0x24a
0x12a93: lodsw ax, word ptr [si]
0x12a94: cmp ax, 5
0x12a97: ja 0x12a9c
0x12a99: jmp 0x12af3
0x12a9b: nop
0x12a9c: call 0x12c09
2018-12-25T12:41:16.685966855Z 65 PC: 12c5e | Delete file (Filename = 'A:\TEST.COM')

{"DateBased":true,"Day":2,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14664,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:16.825544813Z 42 PC: 12a6d | Get date
0x12a6d: cmp dh, 0xc
0x12a70: jne 0x12a7a
0x12a72: cmp dl, 0x19
0x12a75: jne 0x12a7a
0x12a77: jmp 0x12c55
0x12a7a: cmp dh, 4
0x12a7d: jne 0x12a87
0x12a7f: cmp dl, 1
0x12a82: jne 0x12a87
0x12a84: jmp 0x12c57
0x12a87: call 0x12c35
0x12a8a: call 0x12c22
0x12a8d: mov si, bp
0x12a8f: add si, 0x24a
0x12a93: lodsw ax, word ptr [si]
0x12a94: cmp ax, 5
0x12a97: ja 0x12a9c
0x12a99: jmp 0x12af3
0x12a9b: nop
0x12a9c: call 0x12c09
2018-12-25T12:41:16.828141428Z 26 PC: 12c3f | Set disk transfer address
2018-12-25T12:41:16.829925857Z 78 PC: 12c2f | Find first file
2018-12-25T12:41:16.851300204Z 61 PC: 12c14 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:41:16.866331652Z 87 PC: 12bf7 | Get or set file date and time
2018-12-25T12:41:16.868621655Z 63 PC: 12ab3 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:41:16.87572425Z 66 PC: 12abd | Move file pointer
2018-12-25T12:41:16.877470817Z 64 PC: 12b17 | Write file or device (Write 612 bytes on handle 5)
2018-12-25T12:41:16.894327998Z 66 PC: 12b21 | Move file pointer
2018-12-25T12:41:16.89717155Z 64 PC: 12b2f | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:41:16.905014108Z 87 PC: 12bf2 | Get or set file date and time
2018-12-25T12:41:16.90691018Z 62 PC: 12b39 | Close file
2018-12-25T12:41:16.916626523Z 79 PC: 12afa | Find next file
2018-12-25T12:41:16.919662931Z 61 PC: 12c14 | Open file (See above)
2018-12-25T12:41:16.927185036Z 87 PC: 12bf7 | Get or set file date and time (See above)
2018-12-25T12:41:16.935832374Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:41:16.943965765Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:41:16.946089638Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:41:16.956182257Z 66 PC: 12b21 | Move file pointer (See above)
2018-12-25T12:41:16.957838299Z 64 PC: 12b2f | Write file or device (See above)
2018-12-25T12:41:16.965301696Z 87 PC: 12bf2 | Get or set file date and time (See above)
2018-12-25T12:41:16.968077729Z 62 PC: 12b39 | Close file (See above)
2018-12-25T12:41:16.981006095Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:41:16.984320578Z 61 PC: 12c14 | Open file (See above)
2018-12-25T12:41:16.991819522Z 87 PC: 12bf7 | Get or set file date and time (See above)
2018-12-25T12:41:17.003341438Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:41:17.011260358Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:41:17.013430982Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:41:17.024605571Z 66 PC: 12b21 | Move file pointer (See above)
2018-12-25T12:41:17.027125925Z 64 PC: 12b2f | Write file or device (See above)
2018-12-25T12:41:17.035927394Z 87 PC: 12bf2 | Get or set file date and time (See above)
2018-12-25T12:41:17.050715661Z 62 PC: 12b39 | Close file (See above)
2018-12-25T12:41:17.059765888Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:41:17.062992345Z 61 PC: 12c14 | Open file (See above)
2018-12-25T12:41:17.072980228Z 87 PC: 12bf7 | Get or set file date and time (See above)
2018-12-25T12:41:17.076083284Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:41:17.08401694Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:41:17.086534144Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:41:17.096615139Z 66 PC: 12b21 | Move file pointer (See above)
2018-12-25T12:41:17.098663037Z 64 PC: 12b2f | Write file or device (See above)
2018-12-25T12:41:17.106681714Z 87 PC: 12bf2 | Get or set file date and time (See above)
2018-12-25T12:41:17.108786625Z 62 PC: 12b39 | Close file (See above)
2018-12-25T12:41:17.12120406Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:41:17.124602293Z 61 PC: 12c14 | Open file (See above)
2018-12-25T12:41:17.148608929Z 87 PC: 12bf7 | Get or set file date and time (See above)
2018-12-25T12:41:17.150257754Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:41:17.157975302Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:41:17.161394596Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:41:17.170268634Z 66 PC: 12b21 | Move file pointer (See above)
2018-12-25T12:41:17.171846404Z 64 PC: 12b2f | Write file or device (See above)
2018-12-25T12:41:17.180133913Z 87 PC: 12bf2 | Get or set file date and time (See above)
2018-12-25T12:41:17.182252436Z 62 PC: 12b39 | Close file (See above)
2018-12-25T12:41:17.191568063Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:41:17.195653935Z 61 PC: 12c14 | Open file (See above)
2018-12-25T12:41:17.20357908Z 87 PC: 12bf7 | Get or set file date and time (See above)
2018-12-25T12:41:17.205588627Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:41:17.213109701Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:41:17.21585428Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:41:17.226323467Z 66 PC: 12b21 | Move file pointer (See above)
2018-12-25T12:41:17.228280645Z 64 PC: 12b2f | Write file or device (See above)
2018-12-25T12:41:17.237156355Z 87 PC: 12bf2 | Get or set file date and time (See above)
2018-12-25T12:41:17.238874949Z 62 PC: 12b39 | Close file (See above)
2018-12-25T12:41:17.255695124Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:41:17.264705612Z 61 PC: 12c14 | Open file (See above)
2018-12-25T12:41:17.272169298Z 87 PC: 12bf7 | Get or set file date and time (See above)
2018-12-25T12:41:17.273789111Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:41:17.281819493Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:41:17.28507651Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:41:17.295392499Z 66 PC: 12b21 | Move file pointer (See above)
2018-12-25T12:41:17.297843911Z 64 PC: 12b2f | Write file or device (See above)
2018-12-25T12:41:17.306040532Z 87 PC: 12bf2 | Get or set file date and time (See above)
2018-12-25T12:41:17.30889586Z 62 PC: 12b39 | Close file (See above)
2018-12-25T12:41:17.328401987Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:41:17.333360277Z 61 PC: 12c14 | Open file (See above)
2018-12-25T12:41:17.345098662Z 87 PC: 12bf7 | Get or set file date and time (See above)
2018-12-25T12:41:17.347109122Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:41:17.351276724Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:41:17.353355172Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:41:17.363044305Z 66 PC: 12b21 | Move file pointer (See above)
2018-12-25T12:41:17.365382242Z 64 PC: 12b2f | Write file or device (See above)
2018-12-25T12:41:17.368904689Z 87 PC: 12bf2 | Get or set file date and time (See above)
2018-12-25T12:41:17.370982277Z 62 PC: 12b39 | Close file (See above)
2018-12-25T12:41:17.380741156Z 79 PC: 12afa | Find next file (See above)

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14664,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:16.933553406Z 42 PC: 12a6d | Get date
0x12a6d: cmp dh, 0xc
0x12a70: jne 0x12a7a
0x12a72: cmp dl, 0x19
0x12a75: jne 0x12a7a
0x12a77: jmp 0x12c55
0x12a7a: cmp dh, 4
0x12a7d: jne 0x12a87
0x12a7f: cmp dl, 1
0x12a82: jne 0x12a87
0x12a84: jmp 0x12c57
0x12a87: call 0x12c35
0x12a8a: call 0x12c22
0x12a8d: mov si, bp
0x12a8f: add si, 0x24a
0x12a93: lodsw ax, word ptr [si]
0x12a94: cmp ax, 5
0x12a97: ja 0x12a9c
0x12a99: jmp 0x12af3
0x12a9b: nop
0x12a9c: call 0x12c09
2018-12-25T12:41:16.935998951Z 26 PC: 12c3f | Set disk transfer address
2018-12-25T12:41:16.938034025Z 78 PC: 12c2f | Find first file
2018-12-25T12:41:16.94515473Z 61 PC: 12c14 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:41:16.952831848Z 87 PC: 12bf7 | Get or set file date and time
2018-12-25T12:41:16.955619799Z 63 PC: 12ab3 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:41:16.962681482Z 66 PC: 12abd | Move file pointer
2018-12-25T12:41:16.964398161Z 64 PC: 12b17 | Write file or device (Write 612 bytes on handle 5)
2018-12-25T12:41:16.982011718Z 66 PC: 12b21 | Move file pointer
2018-12-25T12:41:16.984011608Z 64 PC: 12b2f | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:41:17.007892173Z 87 PC: 12bf2 | Get or set file date and time
2018-12-25T12:41:17.011174358Z 62 PC: 12b39 | Close file
2018-12-25T12:41:17.020161118Z 79 PC: 12afa | Find next file
2018-12-25T12:41:17.023246213Z 61 PC: 12c14 | Open file (See above)
2018-12-25T12:41:17.030900317Z 87 PC: 12bf7 | Get or set file date and time (See above)
2018-12-25T12:41:17.033627247Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:41:17.041163906Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:41:17.043298435Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:41:17.068544221Z 66 PC: 12b21 | Move file pointer (See above)
2018-12-25T12:41:17.073339026Z 64 PC: 12b2f | Write file or device (See above)
2018-12-25T12:41:17.080975646Z 87 PC: 12bf2 | Get or set file date and time (See above)
2018-12-25T12:41:17.083378871Z 62 PC: 12b39 | Close file (See above)
2018-12-25T12:41:17.093332419Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:41:17.0963312Z 61 PC: 12c14 | Open file (See above)
2018-12-25T12:41:17.119143351Z 87 PC: 12bf7 | Get or set file date and time (See above)
2018-12-25T12:41:17.121733333Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:41:17.128932878Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:41:17.131066589Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:41:17.140441433Z 66 PC: 12b21 | Move file pointer (See above)
2018-12-25T12:41:17.142224646Z 64 PC: 12b2f | Write file or device (See above)
2018-12-25T12:41:17.152430895Z 87 PC: 12bf2 | Get or set file date and time (See above)
2018-12-25T12:41:17.159584135Z 62 PC: 12b39 | Close file (See above)
2018-12-25T12:41:17.169353612Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:41:17.172874168Z 61 PC: 12c14 | Open file (See above)
2018-12-25T12:41:17.182508685Z 87 PC: 12bf7 | Get or set file date and time (See above)
2018-12-25T12:41:17.184702122Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:41:17.192406227Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:41:17.195254964Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:41:17.204239632Z 66 PC: 12b21 | Move file pointer (See above)
2018-12-25T12:41:17.206121614Z 64 PC: 12b2f | Write file or device (See above)
2018-12-25T12:41:17.21488239Z 87 PC: 12bf2 | Get or set file date and time (See above)
2018-12-25T12:41:17.217175447Z 62 PC: 12b39 | Close file (See above)
2018-12-25T12:41:17.226611035Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:41:17.230410668Z 61 PC: 12c14 | Open file (See above)
2018-12-25T12:41:17.238446012Z 87 PC: 12bf7 | Get or set file date and time (See above)
2018-12-25T12:41:17.240360817Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:41:17.248810595Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:41:17.251236862Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:41:17.260339866Z 66 PC: 12b21 | Move file pointer (See above)
2018-12-25T12:41:17.26216433Z 64 PC: 12b2f | Write file or device (See above)
2018-12-25T12:41:17.271991688Z 87 PC: 12bf2 | Get or set file date and time (See above)
2018-12-25T12:41:17.274019955Z 62 PC: 12b39 | Close file (See above)
2018-12-25T12:41:17.283082424Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:41:17.286942803Z 61 PC: 12c14 | Open file (See above)
2018-12-25T12:41:17.29480235Z 87 PC: 12bf7 | Get or set file date and time (See above)
2018-12-25T12:41:17.296869996Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:41:17.314678762Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:41:17.316419585Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:41:17.327779532Z 66 PC: 12b21 | Move file pointer (See above)
2018-12-25T12:41:17.333906866Z 64 PC: 12b2f | Write file or device (See above)
2018-12-25T12:41:17.341411823Z 87 PC: 12bf2 | Get or set file date and time (See above)
2018-12-25T12:41:17.343183318Z 62 PC: 12b39 | Close file (See above)
2018-12-25T12:41:17.352913203Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:41:17.35628215Z 61 PC: 12c14 | Open file (See above)
2018-12-25T12:41:17.364029117Z 87 PC: 12bf7 | Get or set file date and time (See above)
2018-12-25T12:41:17.366248526Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:41:17.374474812Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:41:17.376473631Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:41:17.385785536Z 66 PC: 12b21 | Move file pointer (See above)
2018-12-25T12:41:17.388617266Z 64 PC: 12b2f | Write file or device (See above)
2018-12-25T12:41:17.397245372Z 87 PC: 12bf2 | Get or set file date and time (See above)
2018-12-25T12:41:17.399317803Z 62 PC: 12b39 | Close file (See above)
2018-12-25T12:41:17.40937515Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:41:17.412910107Z 61 PC: 12c14 | Open file (See above)
2018-12-25T12:41:17.420627314Z 87 PC: 12bf7 | Get or set file date and time (See above)
2018-12-25T12:41:17.423232505Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:41:17.426465872Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:41:17.428499737Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:41:17.438627837Z 66 PC: 12b21 | Move file pointer (See above)
2018-12-25T12:41:17.440414558Z 64 PC: 12b2f | Write file or device (See above)
2018-12-25T12:41:17.443947556Z 87 PC: 12bf2 | Get or set file date and time (See above)
2018-12-25T12:41:17.446570332Z 62 PC: 12b39 | Close file (See above)
2018-12-25T12:41:17.456047696Z 79 PC: 12afa | Find next file (See above)

{"DateBased":true,"Day":25,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14664,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:16.988379508Z 42 PC: 12a6d | Get date
0x12a6d: cmp dh, 0xc
0x12a70: jne 0x12a7a
0x12a72: cmp dl, 0x19
0x12a75: jne 0x12a7a
0x12a77: jmp 0x12c55
0x12a7a: cmp dh, 4
0x12a7d: jne 0x12a87
0x12a7f: cmp dl, 1
0x12a82: jne 0x12a87
0x12a84: jmp 0x12c57
0x12a87: call 0x12c35
0x12a8a: call 0x12c22
0x12a8d: mov si, bp
0x12a8f: add si, 0x24a
0x12a93: lodsw ax, word ptr [si]
0x12a94: cmp ax, 5
0x12a97: ja 0x12a9c
0x12a99: jmp 0x12af3
0x12a9b: nop
0x12a9c: call 0x12c09

{"DateBased":true,"Day":25,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14664,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:18.537080361Z 42 PC: 12a6d | Get date
0x12a6d: cmp dh, 0xc
0x12a70: jne 0x12a7a
0x12a72: cmp dl, 0x19
0x12a75: jne 0x12a7a
0x12a77: jmp 0x12c55
0x12a7a: cmp dh, 4
0x12a7d: jne 0x12a87
0x12a7f: cmp dl, 1
0x12a82: jne 0x12a87
0x12a84: jmp 0x12c57
0x12a87: call 0x12c35
0x12a8a: call 0x12c22
0x12a8d: mov si, bp
0x12a8f: add si, 0x24a
0x12a93: lodsw ax, word ptr [si]
0x12a94: cmp ax, 5
0x12a97: ja 0x12a9c
0x12a99: jmp 0x12af3
0x12a9b: nop
0x12a9c: call 0x12c09

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14664,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:18.562828919Z 42 PC: 12a6d | Get date
0x12a6d: cmp dh, 0xc
0x12a70: jne 0x12a7a
0x12a72: cmp dl, 0x19
0x12a75: jne 0x12a7a
0x12a77: jmp 0x12c55
0x12a7a: cmp dh, 4
0x12a7d: jne 0x12a87
0x12a7f: cmp dl, 1
0x12a82: jne 0x12a87
0x12a84: jmp 0x12c57
0x12a87: call 0x12c35
0x12a8a: call 0x12c22
0x12a8d: mov si, bp
0x12a8f: add si, 0x24a
0x12a93: lodsw ax, word ptr [si]
0x12a94: cmp ax, 5
0x12a97: ja 0x12a9c
0x12a99: jmp 0x12af3
0x12a9b: nop
0x12a9c: call 0x12c09
2018-12-25T12:41:18.56683236Z 26 PC: 12c3f | Set disk transfer address
2018-12-25T12:41:18.568456208Z 78 PC: 12c2f | Find first file
2018-12-25T12:41:18.575368147Z 61 PC: 12c14 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:41:18.583853357Z 87 PC: 12bf7 | Get or set file date and time
2018-12-25T12:41:18.585749369Z 63 PC: 12ab3 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:41:18.592673975Z 66 PC: 12abd | Move file pointer
2018-12-25T12:41:18.594485112Z 64 PC: 12b17 | Write file or device (Write 612 bytes on handle 5)
2018-12-25T12:41:18.612736447Z 66 PC: 12b21 | Move file pointer
2018-12-25T12:41:18.614959309Z 64 PC: 12b2f | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:41:18.639396766Z 87 PC: 12bf2 | Get or set file date and time
2018-12-25T12:41:18.64316739Z 62 PC: 12b39 | Close file
2018-12-25T12:41:18.652614187Z 79 PC: 12afa | Find next file
2018-12-25T12:41:18.656056972Z 61 PC: 12c14 | Open file (See above)
2018-12-25T12:41:18.673109332Z 87 PC: 12bf7 | Get or set file date and time (See above)
2018-12-25T12:41:18.675633504Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:41:18.682882759Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:41:18.685556511Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:41:18.691946639Z 66 PC: 12b21 | Move file pointer (See above)
2018-12-25T12:41:18.69365518Z 64 PC: 12b2f | Write file or device (See above)
2018-12-25T12:41:18.699456225Z 87 PC: 12bf2 | Get or set file date and time (See above)
2018-12-25T12:41:18.701125018Z 62 PC: 12b39 | Close file (See above)
2018-12-25T12:41:18.708274528Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:41:18.710301861Z 61 PC: 12c14 | Open file (See above)
2018-12-25T12:41:18.715886975Z 87 PC: 12bf7 | Get or set file date and time (See above)
2018-12-25T12:41:18.717209Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:41:18.721508554Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:41:18.733631593Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:41:18.740608379Z 66 PC: 12b21 | Move file pointer (See above)
2018-12-25T12:41:18.7418449Z 64 PC: 12b2f | Write file or device (See above)
2018-12-25T12:41:18.748412044Z 87 PC: 12bf2 | Get or set file date and time (See above)
2018-12-25T12:41:18.750486959Z 62 PC: 12b39 | Close file (See above)
2018-12-25T12:41:18.756219827Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:41:18.760092437Z 61 PC: 12c14 | Open file (See above)
2018-12-25T12:41:18.765435506Z 87 PC: 12bf7 | Get or set file date and time (See above)
2018-12-25T12:41:18.777580001Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:41:18.785848861Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:41:18.788287267Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:41:18.7973132Z 66 PC: 12b21 | Move file pointer (See above)
2018-12-25T12:41:18.799179191Z 64 PC: 12b2f | Write file or device (See above)
2018-12-25T12:41:18.807525264Z 87 PC: 12bf2 | Get or set file date and time (See above)
2018-12-25T12:41:18.810365224Z 62 PC: 12b39 | Close file (See above)
2018-12-25T12:41:18.81969168Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:41:18.823856991Z 61 PC: 12c14 | Open file (See above)
2018-12-25T12:41:18.832094992Z 87 PC: 12bf7 | Get or set file date and time (See above)
2018-12-25T12:41:18.833967703Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:41:18.841984093Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:41:18.848881241Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:41:18.858934142Z 66 PC: 12b21 | Move file pointer (See above)
2018-12-25T12:41:18.861428806Z 64 PC: 12b2f | Write file or device (See above)
2018-12-25T12:41:18.869267949Z 87 PC: 12bf2 | Get or set file date and time (See above)
2018-12-25T12:41:18.871464259Z 62 PC: 12b39 | Close file (See above)
2018-12-25T12:41:18.881995461Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:41:18.887850969Z 61 PC: 12c14 | Open file (See above)
2018-12-25T12:41:18.896245784Z 87 PC: 12bf7 | Get or set file date and time (See above)
2018-12-25T12:41:18.898189311Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:41:18.906570229Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:41:18.908322946Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:41:18.918769626Z 66 PC: 12b21 | Move file pointer (See above)
2018-12-25T12:41:18.921322072Z 64 PC: 12b2f | Write file or device (See above)
2018-12-25T12:41:18.928855866Z 87 PC: 12bf2 | Get or set file date and time (See above)
2018-12-25T12:41:18.930822407Z 62 PC: 12b39 | Close file (See above)
2018-12-25T12:41:18.940539391Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:41:18.943798765Z 61 PC: 12c14 | Open file (See above)
2018-12-25T12:41:18.951383003Z 87 PC: 12bf7 | Get or set file date and time (See above)
2018-12-25T12:41:18.9598082Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:41:18.967862478Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:41:18.969944164Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:41:18.97923829Z 66 PC: 12b21 | Move file pointer (See above)
2018-12-25T12:41:18.98140586Z 64 PC: 12b2f | Write file or device (See above)
2018-12-25T12:41:18.98906784Z 87 PC: 12bf2 | Get or set file date and time (See above)
2018-12-25T12:41:18.991144233Z 62 PC: 12b39 | Close file (See above)
2018-12-25T12:41:19.029137766Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:41:19.032104501Z 61 PC: 12c14 | Open file (See above)
2018-12-25T12:41:19.039412067Z 87 PC: 12bf7 | Get or set file date and time (See above)
2018-12-25T12:41:19.041890655Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:41:19.045494448Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:41:19.047535703Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:41:19.05753095Z 66 PC: 12b21 | Move file pointer (See above)
2018-12-25T12:41:19.058966826Z 64 PC: 12b2f | Write file or device (See above)
2018-12-25T12:41:19.062017709Z 87 PC: 12bf2 | Get or set file date and time (See above)
2018-12-25T12:41:19.064537682Z 62 PC: 12b39 | Close file (See above)
2018-12-25T12:41:19.073405561Z 79 PC: 12afa | Find next file (See above)

{"DateBased":true,"Day":1,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14664,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:18.564878561Z 42 PC: 12a6d | Get date
0x12a6d: cmp dh, 0xc
0x12a70: jne 0x12a7a
0x12a72: cmp dl, 0x19
0x12a75: jne 0x12a7a
0x12a77: jmp 0x12c55
0x12a7a: cmp dh, 4
0x12a7d: jne 0x12a87
0x12a7f: cmp dl, 1
0x12a82: jne 0x12a87
0x12a84: jmp 0x12c57
0x12a87: call 0x12c35
0x12a8a: call 0x12c22
0x12a8d: mov si, bp
0x12a8f: add si, 0x24a
0x12a93: lodsw ax, word ptr [si]
0x12a94: cmp ax, 5
0x12a97: ja 0x12a9c
0x12a99: jmp 0x12af3
0x12a9b: nop
0x12a9c: call 0x12c09
2018-12-25T12:41:18.568141772Z 65 PC: 12c5e | Delete file (Filename = 'A:\TEST.COM')

{"DateBased":true,"Day":2,"Month":4,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14664,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:18.82704164Z 42 PC: 12a6d | Get date
0x12a6d: cmp dh, 0xc
0x12a70: jne 0x12a7a
0x12a72: cmp dl, 0x19
0x12a75: jne 0x12a7a
0x12a77: jmp 0x12c55
0x12a7a: cmp dh, 4
0x12a7d: jne 0x12a87
0x12a7f: cmp dl, 1
0x12a82: jne 0x12a87
0x12a84: jmp 0x12c57
0x12a87: call 0x12c35
0x12a8a: call 0x12c22
0x12a8d: mov si, bp
0x12a8f: add si, 0x24a
0x12a93: lodsw ax, word ptr [si]
0x12a94: cmp ax, 5
0x12a97: ja 0x12a9c
0x12a99: jmp 0x12af3
0x12a9b: nop
0x12a9c: call 0x12c09
2018-12-25T12:41:18.830457648Z 26 PC: 12c3f | Set disk transfer address
2018-12-25T12:41:18.831580468Z 78 PC: 12c2f | Find first file
2018-12-25T12:41:18.837598328Z 61 PC: 12c14 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:41:18.844469837Z 87 PC: 12bf7 | Get or set file date and time
2018-12-25T12:41:18.84651151Z 63 PC: 12ab3 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:41:18.852621628Z 66 PC: 12abd | Move file pointer
2018-12-25T12:41:18.854242169Z 64 PC: 12b17 | Write file or device (Write 612 bytes on handle 5)
2018-12-25T12:41:18.868103478Z 66 PC: 12b21 | Move file pointer
2018-12-25T12:41:18.869709067Z 64 PC: 12b2f | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:41:18.876802759Z 87 PC: 12bf2 | Get or set file date and time
2018-12-25T12:41:18.879164076Z 62 PC: 12b39 | Close file
2018-12-25T12:41:18.892605181Z 79 PC: 12afa | Find next file
2018-12-25T12:41:18.895291734Z 61 PC: 12c14 | Open file (See above)
2018-12-25T12:41:18.90214291Z 87 PC: 12bf7 | Get or set file date and time (See above)
2018-12-25T12:41:18.903588035Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:41:18.910823494Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:41:18.925638333Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:41:18.934135635Z 66 PC: 12b21 | Move file pointer (See above)
2018-12-25T12:41:18.935272077Z 64 PC: 12b2f | Write file or device (See above)
2018-12-25T12:41:18.948546917Z 87 PC: 12bf2 | Get or set file date and time (See above)
2018-12-25T12:41:18.950769202Z 62 PC: 12b39 | Close file (See above)
2018-12-25T12:41:18.95855446Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:41:18.962553774Z 61 PC: 12c14 | Open file (See above)
2018-12-25T12:41:18.96898323Z 87 PC: 12bf7 | Get or set file date and time (See above)
2018-12-25T12:41:18.970334013Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:41:18.982126248Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:41:18.983608145Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:41:18.99124443Z 66 PC: 12b21 | Move file pointer (See above)
2018-12-25T12:41:18.993353885Z 64 PC: 12b2f | Write file or device (See above)
2018-12-25T12:41:19.006955149Z 87 PC: 12bf2 | Get or set file date and time (See above)
2018-12-25T12:41:19.008457925Z 62 PC: 12b39 | Close file (See above)
2018-12-25T12:41:19.016336191Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:41:19.025662391Z 61 PC: 12c14 | Open file (See above)
2018-12-25T12:41:19.032898274Z 87 PC: 12bf7 | Get or set file date and time (See above)
2018-12-25T12:41:19.034840525Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:41:19.04442099Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:41:19.045968684Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:41:19.053667802Z 66 PC: 12b21 | Move file pointer (See above)
2018-12-25T12:41:19.055837972Z 64 PC: 12b2f | Write file or device (See above)
2018-12-25T12:41:19.062141544Z 87 PC: 12bf2 | Get or set file date and time (See above)
2018-12-25T12:41:19.063556049Z 62 PC: 12b39 | Close file (See above)
2018-12-25T12:41:19.072008927Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:41:19.074579473Z 61 PC: 12c14 | Open file (See above)
2018-12-25T12:41:19.081157389Z 87 PC: 12bf7 | Get or set file date and time (See above)
2018-12-25T12:41:19.090855987Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:41:19.097322156Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:41:19.099183634Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:41:19.108179754Z 66 PC: 12b21 | Move file pointer (See above)
2018-12-25T12:41:19.110470195Z 64 PC: 12b2f | Write file or device (See above)
2018-12-25T12:41:19.117170978Z 87 PC: 12bf2 | Get or set file date and time (See above)
2018-12-25T12:41:19.119627658Z 62 PC: 12b39 | Close file (See above)
2018-12-25T12:41:19.127664721Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:41:19.130530857Z 61 PC: 12c14 | Open file (See above)
2018-12-25T12:41:19.137169999Z 87 PC: 12bf7 | Get or set file date and time (See above)
2018-12-25T12:41:19.139820322Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:41:19.146251721Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:41:19.147973834Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:41:19.157281371Z 66 PC: 12b21 | Move file pointer (See above)
2018-12-25T12:41:19.158881391Z 64 PC: 12b2f | Write file or device (See above)
2018-12-25T12:41:19.165482334Z 87 PC: 12bf2 | Get or set file date and time (See above)
2018-12-25T12:41:19.168129326Z 62 PC: 12b39 | Close file (See above)
2018-12-25T12:41:19.176566747Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:41:19.1794071Z 61 PC: 12c14 | Open file (See above)
2018-12-25T12:41:19.186916976Z 87 PC: 12bf7 | Get or set file date and time (See above)
2018-12-25T12:41:19.190564115Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:41:19.197058005Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:41:19.199491275Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:41:19.207249471Z 66 PC: 12b21 | Move file pointer (See above)
2018-12-25T12:41:19.209529129Z 64 PC: 12b2f | Write file or device (See above)
2018-12-25T12:41:19.217443938Z 87 PC: 12bf2 | Get or set file date and time (See above)
2018-12-25T12:41:19.219075041Z 62 PC: 12b39 | Close file (See above)
2018-12-25T12:41:19.226783698Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:41:19.230660144Z 61 PC: 12c14 | Open file (See above)
2018-12-25T12:41:19.237339858Z 87 PC: 12bf7 | Get or set file date and time (See above)
2018-12-25T12:41:19.239004715Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:41:19.243258116Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:41:19.245366509Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:41:19.253483588Z 66 PC: 12b21 | Move file pointer (See above)
2018-12-25T12:41:19.255323208Z 64 PC: 12b2f | Write file or device (See above)
2018-12-25T12:41:19.259672395Z 87 PC: 12bf2 | Get or set file date and time (See above)
2018-12-25T12:41:19.261433909Z 62 PC: 12b39 | Close file (See above)
2018-12-25T12:41:19.269310986Z 79 PC: 12afa | Find next file (See above)

{"DateBased":true,"Day":1,"Month":12,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":14664,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:41:18.841893275Z 42 PC: 12a6d | Get date
0x12a6d: cmp dh, 0xc
0x12a70: jne 0x12a7a
0x12a72: cmp dl, 0x19
0x12a75: jne 0x12a7a
0x12a77: jmp 0x12c55
0x12a7a: cmp dh, 4
0x12a7d: jne 0x12a87
0x12a7f: cmp dl, 1
0x12a82: jne 0x12a87
0x12a84: jmp 0x12c57
0x12a87: call 0x12c35
0x12a8a: call 0x12c22
0x12a8d: mov si, bp
0x12a8f: add si, 0x24a
0x12a93: lodsw ax, word ptr [si]
0x12a94: cmp ax, 5
0x12a97: ja 0x12a9c
0x12a99: jmp 0x12af3
0x12a9b: nop
0x12a9c: call 0x12c09
2018-12-25T12:41:18.844571603Z 26 PC: 12c3f | Set disk transfer address
2018-12-25T12:41:18.845604324Z 78 PC: 12c2f | Find first file
2018-12-25T12:41:18.851356575Z 61 PC: 12c14 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:41:18.861880542Z 87 PC: 12bf7 | Get or set file date and time
2018-12-25T12:41:18.863475902Z 63 PC: 12ab3 | Read file or device (Read 5 bytes on handle 5)
2018-12-25T12:41:18.869755741Z 66 PC: 12abd | Move file pointer
2018-12-25T12:41:18.873580509Z 64 PC: 12b17 | Write file or device (Write 612 bytes on handle 5)
2018-12-25T12:41:18.885905814Z 66 PC: 12b21 | Move file pointer
2018-12-25T12:41:18.887332393Z 64 PC: 12b2f | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:41:18.900989889Z 87 PC: 12bf2 | Get or set file date and time
2018-12-25T12:41:18.902854402Z 62 PC: 12b39 | Close file
2018-12-25T12:41:18.910562391Z 79 PC: 12afa | Find next file
2018-12-25T12:41:18.913689095Z 61 PC: 12c14 | Open file (See above)
2018-12-25T12:41:18.920846861Z 87 PC: 12bf7 | Get or set file date and time (See above)
2018-12-25T12:41:18.922535922Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:41:18.92894331Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:41:18.930956484Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:41:18.938857108Z 66 PC: 12b21 | Move file pointer (See above)
2018-12-25T12:41:18.940435116Z 64 PC: 12b2f | Write file or device (See above)
2018-12-25T12:41:18.947614268Z 87 PC: 12bf2 | Get or set file date and time (See above)
2018-12-25T12:41:18.949364903Z 62 PC: 12b39 | Close file (See above)
2018-12-25T12:41:18.957565249Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:41:18.961387068Z 61 PC: 12c14 | Open file (See above)
2018-12-25T12:41:18.967659543Z 87 PC: 12bf7 | Get or set file date and time (See above)
2018-12-25T12:41:18.969006299Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:41:18.975906321Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:41:18.977341708Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:41:18.985111217Z 66 PC: 12b21 | Move file pointer (See above)
2018-12-25T12:41:18.987807889Z 64 PC: 12b2f | Write file or device (See above)
2018-12-25T12:41:18.994437808Z 87 PC: 12bf2 | Get or set file date and time (See above)
2018-12-25T12:41:18.996229913Z 62 PC: 12b39 | Close file (See above)
2018-12-25T12:41:19.004727285Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:41:19.007982788Z 61 PC: 12c14 | Open file (See above)
2018-12-25T12:41:19.014576788Z 87 PC: 12bf7 | Get or set file date and time (See above)
2018-12-25T12:41:19.016306334Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:41:19.024012181Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:41:19.025732364Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:41:19.030787325Z 66 PC: 12b21 | Move file pointer (See above)
2018-12-25T12:41:19.032436129Z 64 PC: 12b2f | Write file or device (See above)
2018-12-25T12:41:19.036445184Z 87 PC: 12bf2 | Get or set file date and time (See above)
2018-12-25T12:41:19.037549184Z 62 PC: 12b39 | Close file (See above)
2018-12-25T12:41:19.042983026Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:41:19.044634594Z 61 PC: 12c14 | Open file (See above)
2018-12-25T12:41:19.04860897Z 87 PC: 12bf7 | Get or set file date and time (See above)
2018-12-25T12:41:19.05019278Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:41:19.054423194Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:41:19.055446272Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:41:19.060884784Z 66 PC: 12b21 | Move file pointer (See above)
2018-12-25T12:41:19.061925258Z 64 PC: 12b2f | Write file or device (See above)
2018-12-25T12:41:19.065902483Z 87 PC: 12bf2 | Get or set file date and time (See above)
2018-12-25T12:41:19.067060221Z 62 PC: 12b39 | Close file (See above)
2018-12-25T12:41:19.0726263Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:41:19.090816154Z 61 PC: 12c14 | Open file (See above)
2018-12-25T12:41:19.098247718Z 87 PC: 12bf7 | Get or set file date and time (See above)
2018-12-25T12:41:19.100641656Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:41:19.108043637Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:41:19.109432935Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:41:19.118725343Z 66 PC: 12b21 | Move file pointer (See above)
2018-12-25T12:41:19.120687478Z 64 PC: 12b2f | Write file or device (See above)
2018-12-25T12:41:19.127631624Z 87 PC: 12bf2 | Get or set file date and time (See above)
2018-12-25T12:41:19.130341137Z 62 PC: 12b39 | Close file (See above)
2018-12-25T12:41:19.138475925Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:41:19.141380485Z 61 PC: 12c14 | Open file (See above)
2018-12-25T12:41:19.148867976Z 87 PC: 12bf7 | Get or set file date and time (See above)
2018-12-25T12:41:19.150666764Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:41:19.159042744Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:41:19.161955137Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:41:19.170962282Z 66 PC: 12b21 | Move file pointer (See above)
2018-12-25T12:41:19.172372011Z 64 PC: 12b2f | Write file or device (See above)
2018-12-25T12:41:19.180493924Z 87 PC: 12bf2 | Get or set file date and time (See above)
2018-12-25T12:41:19.182003807Z 62 PC: 12b39 | Close file (See above)
2018-12-25T12:41:19.190091172Z 79 PC: 12afa | Find next file (See above)
2018-12-25T12:41:19.196160868Z 61 PC: 12c14 | Open file (See above)
2018-12-25T12:41:19.203085811Z 87 PC: 12bf7 | Get or set file date and time (See above)
2018-12-25T12:41:19.204818994Z 63 PC: 12ab3 | Read file or device (See above)
2018-12-25T12:41:19.208780503Z 66 PC: 12abd | Move file pointer (See above)
2018-12-25T12:41:19.210328045Z 64 PC: 12b17 | Write file or device (See above)
2018-12-25T12:41:19.218377791Z 66 PC: 12b21 | Move file pointer (See above)
2018-12-25T12:41:19.220241958Z 64 PC: 12b2f | Write file or device (See above)
2018-12-25T12:41:19.223264856Z 87 PC: 12bf2 | Get or set file date and time (See above)
2018-12-25T12:41:19.224953048Z 62 PC: 12b39 | Close file (See above)
2018-12-25T12:41:19.233568397Z 79 PC: 12afa | Find next file (See above)